Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A warning on a new destructive 'trojan horse'' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A warning on a new destructive 'trojan horse'
Authored by: defpo on May 12, '04 06:32:09PM

Naive, I guess, but won't you still have to enter a Admin password for this command to run (even with the -f attribute)? How does this scrip bypass asking for a password? Or does it?



[ Reply to This | # ]
So could Apple
Authored by: dombi on May 12, '04 06:38:41PM

Could Apple build in some kind of a security, that if a shell script is clicked on by a user, it would ask a question before clarifying if the user would want to run the script in the Terminal or not?

This could be turned on or off, but it would give a warking sign to users...Ialso feel though that this is not an Apple security issue.



[ Reply to This | # ]
Help...
Authored by: dombi on May 12, '04 06:54:23PM

This is weird...but how do you comment on the main post, and not on someone else's reply. I cannot seem to find a "reply to post" or "post a comment" button anywhere on the MacOSXHints page....thanks.



[ Reply to This | # ]
Help...
Authored by: robg on May 12, '04 07:09:49PM

Just below the article, above the first comment, there's a Reply button in the bar...

-rob.



[ Reply to This | # ]
Help...
Authored by: dombi on May 12, '04 07:22:13PM

Doh! I saw the Refresh button and the Reply next to it...but somehow it was just not obvious what it did. Thanks.
:-)



[ Reply to This | # ]
A warning on a new destructive 'trojan horse'
Authored by: Graff on May 12, '04 07:25:34PM

> won't you still have to enter a Admin password for this command to run

Nope, not if you are only deleting stuff in your own home directory. You have write permission on all of your own stuff and so that means you have permission to delete it. No password is needed when you are dealing with stuff you have write permission for.

Now, if you wanted to delete the actual system files and not just the stuff in your home directory then you would need to enter in an administrator password.

Even if they changed the rm command so that it needed permission a malicious program could still just write random data to a file to mess it up. The only way to stop that for sure is to ask you for every single file (documents, downloaded stuff, music, preferences, etc) that gets changed. Think about it, would you want to have to enter a password every single time you changed a file? Remember that almost every program writes to a preference file at least once while it is running. What a headache that would be!



[ Reply to This | # ]